Third-party Ecosystem
Establish partnerships with third parties in alignment with the organisation’s risk strategy which involves monitoring, auditing and reporting of activities
Third-party Ecosystem sub-dimensions
4.1 Third-party selection criteria and processes
Develop specific criteria, requirements, and processes within formal selection processes for third-party partners based on RAI principles and practices.
Examples of evidence
RAI third-party evaluation criteria

Requirement for Foundational level
Initial set of third-party selection/evaluation criteria specific to RAI
Guidance on required RAI contract clauses

Requirement for Performing level
Guidelines outlining the clauses that should be part of third-party contracts to ensure appropriate adherence to RAI practices
4.2 Third-party data management protocols
Establish protocols and guidelines for third-party partners, defining activities such as responsible data handling and management.
4.3 Third-party monitoring, reporting and auditing
Implement processes for ongoing monitoring, auditing and reporting of third-party performance.
Examples of evidence
Audit reports and compliance assessments

Requirement for Performing level
Documented reviews and assessments of third-party partners’ RAI practices and protocols
Step-By-Step
Guide
This guide outlines the steps companies can take to establish a foundational level of RAI maturity and offers practical recommendations on how to progress towards higher levels of maturity across the five dimensions.
Best Practice
Tools
In this guide, you will find supporting tools and recommendations to help companies progress on the GSMA Responsible AI Maturity Roadmap. Developed by mobile operators, each example covers a specific sub-dimension required to operate at the highest level of maturity.
